There are more than 300 social networking sites on the Web today. Consumer social networking sites include dating services like OkCupid, sites for school children such as Bebo and Facebook and general sites such as the hugely popular indie music networking site MySpace. LinkedIn and OpenBC and other business-focused sites provide a means to connect employees together and with other contacts around the world. Social networking sites and the thousands of other websites that rely on user-contributed content are broadly referred to as “Web 2.0”.
But while the explosion in the popularity of Web 2.0 sites has changed the way we communicate and use the Web, it has also created an irresistible target for malware authors. As more and more users go online to take advantage of Web 2.0 applications like social-networking sites, blogs, and wikis, malware authors are right behind them, opening up yet another front in the constant cat-and-mouse game between security defenses and hackers.
Early Web 2.0-focused threats emerged in earnest in 2005. By October 2005, one creative MySpace user unleashed the Samy worm, a cross-site scripting worm that allowed him to add one million users to his "friends" list. While the damage was limited, the implications of the Samy worm were huge.
Samy opened the security community’s eyes to the potential for abuse of AJAX and Web 2.0 applications. Cross-site scripting worms can insert malicious code into dynamically generated Web pages and allow an attacker to change user settings, access account information, poison cookies with malicious code, expose SSL connections and access restricted sites.
Keep in mind that Web 2.0 sites aren’t just for consumers. More and more businesses are pushing applications to the Web. In 2006, Web 2.0 threats started to occur more frequently and on a larger scale.
In mid-July 2006, an online banner advertisement (DeckOutYourDeck.com) on MySpace.com used the Windows Metafile (WMF) flaw to infect more than 1 million users with spyware when they merely browsed the site with unpatched versions of Windows. Later that month a worm was discovered on the site that embedded JavaScript into user profiles. The profiles redirected users to a site claiming the U.S. Government was behind the September 11th attacks.
In August 2006, the ScanSafe Threat Center found that up to one in every 600 social-networking pages hosted malware. It also found that the use of social networking sites, often assumed to be popular only with teens, accounted for around 1 per cent of all Web use in the workplace, posing a potential ‘open-door’ risk for businesses too.
Three months later, an entry on the German edition of Wikipedia was rewritten to include false information about a supposedly new version of the infamous Blaster worm, along with a link to a supposed 'fix'. In reality, the link pointed to malware designed to infect Windows PCs. And in December 2006, a QuickTime exploit was used on MySpace to spread malware via video. The virus eventually forced MySpace to remove infected profiles.
But why has Web 2.0 become a new threat vector for malware authors and criminals?
Web 2.0 sites are by definition more open than traditional sites. The hundreds of thousands of users contributing content to Web 2.0 sites make it easy for malware authors to hide and insert malware on dynamically generated Web 2.0 pages.
However, because a site is well known, trust by association is created where no trust should exist. For example, a book review posted by a user on Amazon.com is probably viewed by most users as legitimate content on a trusted, brand name site.
ScanSafe’s research also revealed the presence of referrals to adult-themed personals sites, such as “adultfriendfinder.com,” on social network sites popular with teens.
The presence of adult-oriented adware is disturbing, not only because much of it is inappropriate content for minors, but because underage users may not be in a position to consent to installing adware or understand the end-user licence agreement.